Researchers find 8 vulnerabilities in Nest security cameras


As more Internet of Things devices go online every day, the overall security of home networks decreases. Unfortunately, that means many IoT gadgets are left vulnerable to cyberattacks. In yet another revelation that these devices have fundamentally weak security, researchers have identified eight separate ways that a hacker can take over Nest cameras.

The popular devices reside both inside and outside of homes across the United States. Though Google, Nest’s parent company, has already announced that a fix is on the way, the problem may be even worse than originally thought.

Eight Ways In

A pair of cybersecurity researchers, Lilith Wyatt and Claudio Bozzato, from Cisco Talos discovered the vulnerabilities. Notably, they performed their tests on a Nest Cam IQ. Allegedly, this high-end camera features better security than standard models.

Manage your supply chain from home with Sourcengine

Nonetheless, the researchers found eight unique vulnerabilities in the camera’s software. These came from the Weave protocol—a system designed specifically to link IoT devices together. Unfortunately, this protocol helps power many other devices beyond the Nest Cam IQ.

One of the key issues allows hackers to access a copy of any data that is already on the camera. This can range from past video footage to configuration details to network information. Of course, with this, the hacker could then proceed to access the home network of an unfortunate user.

Another vulnerability allows hackers to permanently disable the camera, making it worthless. Meanwhile, a third flaw would even allow a hacker to add Nest devices to their own profile and take them over completely.

Fortunately for Nest owners, Google has already addressed the problem. In a statement, it says, “We’ve fixed the disclosed bugs and started rolling them out to all Nest Camera IQs. The devices will update automatically so there’s no action required from users.”

Big Picture

Though the Nest vulnerabilities are bad enough, experts fear that this may not be an isolated incident. In fact, researchers just published another report detailing how internet-connected smart speakers could be hijacked to cause permanent hearing damage.

In terms of security cameras specifically, many fear that the issue of easy illegal access is a far-reaching one. Alissa Knight, a senior cybersecurity analyst for the Aite Group, gives her opinion, “I’m not surprised. This problem is systemic across multiple camera brands.”

The industry as a whole must come together to fix this issue. In the meantime, consumers can take steps to protect themselves. For one, users should ideally connect IoT security cameras to a different Wi-Fi network than devices like computers. However, that isn’t always possible.

A practical step is to ensure that cameras are running the latest firmware and secure them with a strong password. This should be unique from the network’s password to prevent further breaches if the camera is the victim of a hack.